The present invention relates to a technique for performing encrypted communication via a communication network such as the Internet, and more particularly, to a technique for utilizing, from a device connected to the communication network such as the Internet, a computer system which uses a storage device such as a hard disk device via a network.
Japanese Patent Laid-open Publication No. 2005-327233 (page 13, FIG. 9, hereinafter referred to as Patent Document 1) discloses a technique in which, in a configuration in which a storage device and blade computers are connected to one another via a network, a user accesses one of the blade computers by using an arbitrary terminal device connected to the network, and uses the blade computer as a computer on which the user can freely and individually set an environment or applications. A blade computer is a single computer board, one of a plurality of computer boards that are generally used by being stored in a rack. Each blade computer is configured by mounting a CPU, a memory, and the like on an electronic substrate (hereinafter referred to as a blade).
In a case where an external terminal device connected to an external network such as the Internet accesses the blade connected to an internal network of an organization such as a company, a firewall is provided at a boundary between the external network and the internal network to judge whether a user of the external terminal device is authorized. If the user of the external terminal device is authorized, the user can access the blade connected to the internal network. However, Patent Document 1 includes no description of a method that encrypts communication between the external terminal device and the blade.
On the other hand, as a technique that authenticates the external terminal device and encrypts communication, there is a virtual private network (VPN) technique as exemplified by “Alteon SSL VPN”, NORTEL NETWORKS, found on p. 2-3 of (http://www.nortel.com/products/01/alteon/sslpvn/collateral/nn102960-073103.pdf) (hereinafter referred to as Document 2). A description will be given of an example case where the external terminal device connected to the external network such as the Internet performs encrypted communication with an internal terminal device connected to the internal network of an organization such as a company.
First, the external terminal device transmits a request for connection to the internal terminal device to a VPN device provided at an entrance of the intra-organization network via the Internet. Here, the VPN device uses a public key certificate (hereinafter referred to as a certificate) and the like to authenticate the external terminal device, and confirms that the external terminal device is permitted to access the internal terminal device. Further, the external terminal device uses the certificate and the like to authenticate the VPN device.
When the external terminal device and the VPN device are mutually authenticated, data exchanged between the external terminal device and the VPN device is encrypted by using an encryption key shared by the two devices. In addition, the VPN device connects to the internal terminal device and relays data to be exchanged by the external terminal device and the internal terminal device.
As described above, the external terminal device can communicate with the internal terminal device via the VPN device. Further, the data exchanged between the external terminal device and the VPN device is encrypted, so it is possible to perform secure communication.
Document 2 discloses functions of an appliance that provides the VPN technique as described above.